[
https://issues.apache.org/jira/browse/LUCENE-6292?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Muir updated LUCENE-6292:
--------------------------------
Attachment: LUCENE-6292.patch
here is a patch.
> seed StringHelper better
> ------------------------
>
> Key: LUCENE-6292
> URL: https://issues.apache.org/jira/browse/LUCENE-6292
> Project: Lucene - Core
> Issue Type: Bug
> Reporter: Robert Muir
> Attachments: LUCENE-6292.patch
>
>
> The current code is good, it avoids SecureRandom/blocking when we don't need
> real security (just used for safety checks).
> On the other hand it has some downsides:
> * the sources of randomness here aren't the best, e.g. sysprops will be the
> same when using automated deployment tools if the jvm is the same version,
> installed in the same place, same user, etc.
> * asking for a Properties of all the sysprops needs blanket read-write access
> to all of them, which is inconvenient if you want to lock this down in tests
> (which I do). Today this means you can't ban write access or lucene won't
> work.
> I think we should use /dev/urandom when its available, its just practical and
> exactly what we need. If its not available (e.g. windows) we can use the
> current logic. If sysprops arent available we can just use another hashcode
> instead and lucene can still be used.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
